SAFE public projects git trees. - safe/jmp/linux-2.6/blob - drivers/net/wan/syncppp.c

   1 /*
   2  *      NET3:   A (fairly minimal) implementation of synchronous PPP for Linux
   3  *              as well as a CISCO HDLC implementation. See the copyright
   4  *              message below for the original source.
   5  *
   6  *      This program is free software; you can redistribute it and/or
   7  *      modify it under the terms of the GNU General Public License
   8  *      as published by the Free Software Foundation; either version
   9  *      2 of the license, or (at your option) any later version.
  10  *
  11  *      Note however. This code is also used in a different form by FreeBSD.
  12  *      Therefore when making any non OS specific change please consider
  13  *      contributing it back to the original author under the terms
  14  *      below in addition.
  15  *              -- Alan
  16  *
  17  *      Port for Linux-2.1 by Jan "Yenya" Kasprzak <kas@fi.muni.cz>
  18  */
  19
  20 /*
  21  * Synchronous PPP/Cisco link level subroutines.
  22  * Keepalive protocol implemented in both Cisco and PPP modes.
  23  *
  24  * Copyright (C) 1994 Cronyx Ltd.
  25  * Author: Serge Vakulenko, <vak@zebub.msk.su>
  26  *
  27  * This software is distributed with NO WARRANTIES, not even the implied
  28  * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  29  *
  30  * Authors grant any other persons or organisations permission to use
  31  * or modify this software as long as this message is kept with the software,
  32  * all derivative works or modified versions.
  33  *
  34  * Version 1.9, Wed Oct  4 18:58:15 MSK 1995
  35  *
  36  * $Id: syncppp.c,v 1.18 2000/04/11 05:25:31 asj Exp $
  37  */
  38 #undef DEBUG
  39
  40 #include <linux/module.h>
  41 #include <linux/kernel.h>
  42 #include <linux/errno.h>
  43 #include <linux/init.h>
  44 #include <linux/if_arp.h>
  45 #include <linux/skbuff.h>
  46 #include <linux/route.h>
  47 #include <linux/netdevice.h>
  48 #include <linux/inetdevice.h>
  49 #include <linux/random.h>
  50 #include <linux/pkt_sched.h>
  51 #include <linux/spinlock.h>
  52 #include <linux/rcupdate.h>
  53
  54 #include <net/net_namespace.h>
  55 #include <net/syncppp.h>
  56
  57 #include <asm/byteorder.h>
  58 #include <asm/uaccess.h>
  59
  60 #define MAXALIVECNT     6               /* max. alive packets */
  61
  62 #define PPP_ALLSTATIONS 0xff            /* All-Stations broadcast address */
  63 #define PPP_UI          0x03            /* Unnumbered Information */
  64 #define PPP_IP          0x0021          /* Internet Protocol */
  65 #define PPP_ISO         0x0023          /* ISO OSI Protocol */
  66 #define PPP_XNS         0x0025          /* Xerox NS Protocol */
  67 #define PPP_IPX         0x002b          /* Novell IPX Protocol */
  68 #define PPP_LCP         0xc021          /* Link Control Protocol */
  69 #define PPP_IPCP        0x8021          /* Internet Protocol Control Protocol */
  70
  71 #define LCP_CONF_REQ    1               /* PPP LCP configure request */
  72 #define LCP_CONF_ACK    2               /* PPP LCP configure acknowledge */
  73 #define LCP_CONF_NAK    3               /* PPP LCP configure negative ack */
  74 #define LCP_CONF_REJ    4               /* PPP LCP configure reject */
  75 #define LCP_TERM_REQ    5               /* PPP LCP terminate request */
  76 #define LCP_TERM_ACK    6               /* PPP LCP terminate acknowledge */
  77 #define LCP_CODE_REJ    7               /* PPP LCP code reject */
  78 #define LCP_PROTO_REJ   8               /* PPP LCP protocol reject */
  79 #define LCP_ECHO_REQ    9               /* PPP LCP echo request */
  80 #define LCP_ECHO_REPLY  10              /* PPP LCP echo reply */
  81 #define LCP_DISC_REQ    11              /* PPP LCP discard request */
  82
  83 #define LCP_OPT_MRU             1       /* maximum receive unit */
  84 #define LCP_OPT_ASYNC_MAP       2       /* async control character map */
  85 #define LCP_OPT_AUTH_PROTO      3       /* authentication protocol */
  86 #define LCP_OPT_QUAL_PROTO      4       /* quality protocol */
  87 #define LCP_OPT_MAGIC           5       /* magic number */
  88 #define LCP_OPT_RESERVED        6       /* reserved */
  89 #define LCP_OPT_PROTO_COMP      7       /* protocol field compression */
  90 #define LCP_OPT_ADDR_COMP       8       /* address/control field compression */
  91
  92 #define IPCP_CONF_REQ   LCP_CONF_REQ    /* PPP IPCP configure request */
  93 #define IPCP_CONF_ACK   LCP_CONF_ACK    /* PPP IPCP configure acknowledge */
  94 #define IPCP_CONF_NAK   LCP_CONF_NAK    /* PPP IPCP configure negative ack */
  95 #define IPCP_CONF_REJ   LCP_CONF_REJ    /* PPP IPCP configure reject */
  96 #define IPCP_TERM_REQ   LCP_TERM_REQ    /* PPP IPCP terminate request */
  97 #define IPCP_TERM_ACK   LCP_TERM_ACK    /* PPP IPCP terminate acknowledge */
  98 #define IPCP_CODE_REJ   LCP_CODE_REJ    /* PPP IPCP code reject */
  99
 100 #define CISCO_MULTICAST         0x8f    /* Cisco multicast address */
 101 #define CISCO_UNICAST           0x0f    /* Cisco unicast address */
 102 #define CISCO_KEEPALIVE         0x8035  /* Cisco keepalive protocol */
 103 #define CISCO_ADDR_REQ          0       /* Cisco address request */
 104 #define CISCO_ADDR_REPLY        1       /* Cisco address reply */
 105 #define CISCO_KEEPALIVE_REQ     2       /* Cisco keepalive request */
 106
 107 struct ppp_header {
 108         u8 address;
 109         u8 control;
 110         __be16 protocol;
 111 };
 112 #define PPP_HEADER_LEN          sizeof (struct ppp_header)
 113
 114 struct lcp_header {
 115         u8 type;
 116         u8 ident;
 117         __be16 len;
 118 };
 119 #define LCP_HEADER_LEN          sizeof (struct lcp_header)
 120
 121 struct cisco_packet {
 122         __be32 type;
 123         __be32 par1;
 124         __be32 par2;
 125         __be16 rel;
 126         __be16 time0;
 127         __be16 time1;
 128 };
 129 #define CISCO_PACKET_LEN 18
 130 #define CISCO_BIG_PACKET_LEN 20
 131
 132 static struct sppp *spppq;
 133 static struct timer_list sppp_keepalive_timer;
 134 static DEFINE_SPINLOCK(spppq_lock);
 135
 136 /* global xmit queue for sending packets while spinlock is held */
 137 static struct sk_buff_head tx_queue;
 138
 139 static void sppp_keepalive (unsigned long dummy);
 140 static void sppp_cp_send (struct sppp *sp, u16 proto, u8 type,
 141         u8 ident, u16 len, void *data);
 142 static void sppp_cisco_send (struct sppp *sp, int type, u32 par1, u32 par2);
 143 static void sppp_lcp_input (struct sppp *sp, struct sk_buff *m);
 144 static void sppp_cisco_input (struct sppp *sp, struct sk_buff *m);
 145 static void sppp_ipcp_input (struct sppp *sp, struct sk_buff *m);
 146 static void sppp_lcp_open (struct sppp *sp);
 147 static void sppp_ipcp_open (struct sppp *sp);
 148 static int sppp_lcp_conf_parse_options (struct sppp *sp, struct lcp_header *h,
 149         int len, u32 *magic);
 150 static void sppp_cp_timeout (unsigned long arg);
 151 static char *sppp_lcp_type_name (u8 type);
 152 static char *sppp_ipcp_type_name (u8 type);
 153 static void sppp_print_bytes (u8 *p, u16 len);
 154
 155 static int debug;
 156
 157 /* Flush global outgoing packet queue to dev_queue_xmit().
 158  *
 159  * dev_queue_xmit() must be called with interrupts enabled
 160  * which means it can't be called with spinlocks held.
 161  * If a packet needs to be sent while a spinlock is held,
 162  * then put the packet into tx_queue, and call sppp_flush_xmit()
 163  * after spinlock is released.
 164  */
 165 static void sppp_flush_xmit(void)
 166 {
 167         struct sk_buff *skb;
 168         while ((skb = skb_dequeue(&tx_queue)) != NULL)
 169                 dev_queue_xmit(skb);
 170 }
 171
 172 /*
 173  *      Interface down stub
 174  */
 175
 176 static void if_down(struct net_device *dev)
 177 {
 178         struct sppp *sp = (struct sppp *)sppp_of(dev);
 179
 180         sp->pp_link_state=SPPP_LINK_DOWN;
 181 }
 182
 183 /*
 184  * Timeout routine activations.
 185  */
 186
 187 static void sppp_set_timeout(struct sppp *p,int s)
 188 {
 189         if (! (p->pp_flags & PP_TIMO))
 190         {
 191                 init_timer(&p->pp_timer);
 192                 p->pp_timer.function=sppp_cp_timeout;
 193                 p->pp_timer.expires=jiffies+s*HZ;
 194                 p->pp_timer.data=(unsigned long)p;
 195                 p->pp_flags |= PP_TIMO;
 196                 add_timer(&p->pp_timer);
 197         }
 198 }
 199
 200 static void sppp_clear_timeout(struct sppp *p)
 201 {
 202         if (p->pp_flags & PP_TIMO)
 203         {
 204                 del_timer(&p->pp_timer);
 205                 p->pp_flags &= ~PP_TIMO;
 206         }
 207 }
 208
 209 /**
 210  *      sppp_input -    receive and process a WAN PPP frame
 211  *      @skb:   The buffer to process
 212  *      @dev:   The device it arrived on
 213  *
 214  *      This can be called directly by cards that do not have
 215  *      timing constraints but is normally called from the network layer
 216  *      after interrupt servicing to process frames queued via netif_rx().
 217  *
 218  *      We process the options in the card. If the frame is destined for
 219  *      the protocol stacks then it requeues the frame for the upper level
 220  *      protocol. If it is a control from it is processed and discarded
 221  *      here.
 222  */
 223
 224 static void sppp_input (struct net_device *dev, struct sk_buff *skb)
 225 {
 226         struct ppp_header *h;
 227         struct sppp *sp = (struct sppp *)sppp_of(dev);
 228         unsigned long flags;
 229
 230         skb->dev=dev;
 231         skb_reset_mac_header(skb);
 232
 233         if (!pskb_may_pull(skb, PPP_HEADER_LEN)) {
 234                 /* Too small packet, drop it. */
 235                 if (sp->pp_flags & PP_DEBUG)
 236                         printk (KERN_DEBUG "%s: input packet is too small, %d bytes\n",
 237                                 dev->name, skb->len);
 238                 kfree_skb(skb);
 239                 return;
 240         }
 241
 242         /* Get PPP header. */
 243         h = (struct ppp_header *)skb->data;
 244         skb_pull(skb,sizeof(struct ppp_header));
 245
 246         spin_lock_irqsave(&sp->lock, flags);
 247
 248         switch (h->address) {
 249         default:        /* Invalid PPP packet. */
 250                 goto invalid;
 251         case PPP_ALLSTATIONS:
 252                 if (h->control != PPP_UI)
 253                         goto invalid;
 254                 if (sp->pp_flags & PP_CISCO) {
 255                         if (sp->pp_flags & PP_DEBUG)
 256                                 printk (KERN_WARNING "%s: PPP packet in Cisco mode <0x%x 0x%x 0x%x>\n",
 257                                         dev->name,
 258                                         h->address, h->control, ntohs (h->protocol));
 259                         goto drop;
 260                 }
 261                 switch (ntohs (h->protocol)) {
 262                 default:
 263                         if (sp->lcp.state == LCP_STATE_OPENED)
 264                                 sppp_cp_send (sp, PPP_LCP, LCP_PROTO_REJ,
 265                                         ++sp->pp_seq, skb->len + 2,
 266                                         &h->protocol);
 267                         if (sp->pp_flags & PP_DEBUG)
 268                                 printk (KERN_WARNING "%s: invalid input protocol <0x%x 0x%x 0x%x>\n",
 269                                         dev->name,
 270                                         h->address, h->control, ntohs (h->protocol));
 271                         goto drop;
 272                 case PPP_LCP:
 273                         sppp_lcp_input (sp, skb);
 274                         goto drop;
 275                 case PPP_IPCP:
 276                         if (sp->lcp.state == LCP_STATE_OPENED)
 277                                 sppp_ipcp_input (sp, skb);
 278                         else
 279                                 printk(KERN_DEBUG "IPCP when still waiting LCP finish.\n");
 280                         goto drop;
 281                 case PPP_IP:
 282                         if (sp->ipcp.state == IPCP_STATE_OPENED) {
 283                                 if(sp->pp_flags&PP_DEBUG)
 284                                         printk(KERN_DEBUG "Yow an IP frame.\n");
 285                                 skb->protocol=htons(ETH_P_IP);
 286                                 netif_rx(skb);
 287                                 goto done;
 288                         }
 289                         break;
 290 #ifdef IPX
 291                 case PPP_IPX:
 292                         /* IPX IPXCP not implemented yet */
 293                         if (sp->lcp.state == LCP_STATE_OPENED) {
 294                                 skb->protocol=htons(ETH_P_IPX);
 295                                 netif_rx(skb);
 296                                 goto done;
 297                         }
 298                         break;
 299 #endif
 300                 }
 301                 break;
 302         case CISCO_MULTICAST:
 303         case CISCO_UNICAST:
 304                 /* Don't check the control field here (RFC 1547). */
 305                 if (! (sp->pp_flags & PP_CISCO)) {
 306                         if (sp->pp_flags & PP_DEBUG)
 307                                 printk (KERN_WARNING "%s: Cisco packet in PPP mode <0x%x 0x%x 0x%x>\n",
 308                                         dev->name,
 309                                         h->address, h->control, ntohs (h->protocol));
 310                         goto drop;
 311                 }
 312                 switch (ntohs (h->protocol)) {
 313                 default:
 314                         goto invalid;
 315                 case CISCO_KEEPALIVE:
 316                         sppp_cisco_input (sp, skb);
 317                         goto drop;
 318 #ifdef CONFIG_INET
 319                 case ETH_P_IP:
 320                         skb->protocol=htons(ETH_P_IP);
 321                         netif_rx(skb);
 322                         goto done;
 323 #endif
 324 #ifdef CONFIG_IPX
 325                 case ETH_P_IPX:
 326                         skb->protocol=htons(ETH_P_IPX);
 327                         netif_rx(skb);
 328                         goto done;
 329 #endif
 330                 }
 331                 break;
 332         }
 333         goto drop;
 334
 335 invalid:
 336         if (sp->pp_flags & PP_DEBUG)
 337                 printk (KERN_WARNING "%s: invalid input packet <0x%x 0x%x 0x%x>\n",
 338                         dev->name, h->address, h->control, ntohs (h->protocol));
 339 drop:
 340         kfree_skb(skb);
 341 done:
 342         spin_unlock_irqrestore(&sp->lock, flags);
 343         sppp_flush_xmit();
 344         return;
 345 }
 346
 347 /*
 348  *      Handle transmit packets.
 349  */
 350
 351 static int sppp_hard_header(struct sk_buff *skb,
 352                             struct net_device *dev, __u16 type,
 353                             const void *daddr, const void *saddr,
 354                             unsigned int len)
 355 {
 356         struct sppp *sp = (struct sppp *)sppp_of(dev);
 357         struct ppp_header *h;
 358         skb_push(skb,sizeof(struct ppp_header));
 359         h=(struct ppp_header *)skb->data;
 360         if(sp->pp_flags&PP_CISCO)
 361         {
 362                 h->address = CISCO_UNICAST;
 363                 h->control = 0;
 364         }
 365         else
 366         {
 367                 h->address = PPP_ALLSTATIONS;
 368                 h->control = PPP_UI;
 369         }
 370         if(sp->pp_flags & PP_CISCO)
 371         {
 372                 h->protocol = htons(type);
 373         }
 374         else switch(type)
 375         {
 376                 case ETH_P_IP:
 377                         h->protocol = htons(PPP_IP);
 378                         break;
 379                 case ETH_P_IPX:
 380                         h->protocol = htons(PPP_IPX);
 381                         break;
 382         }
 383         return sizeof(struct ppp_header);
 384 }
 385
 386 static const struct header_ops sppp_header_ops = {
 387         .create = sppp_hard_header,
 388 };
 389
 390 /*
 391  * Send keepalive packets, every 10 seconds.
 392  */
 393
 394 static void sppp_keepalive (unsigned long dummy)
 395 {
 396         struct sppp *sp;
 397         unsigned long flags;
 398
 399         spin_lock_irqsave(&spppq_lock, flags);
 400
 401         for (sp=spppq; sp; sp=sp->pp_next)
 402         {
 403                 struct net_device *dev = sp->pp_if;
 404
 405                 /* Keepalive mode disabled or channel down? */
 406                 if (! (sp->pp_flags & PP_KEEPALIVE) ||
 407                     ! (dev->flags & IFF_UP))
 408                         continue;
 409
 410                 spin_lock(&sp->lock);
 411
 412                 /* No keepalive in PPP mode if LCP not opened yet. */
 413                 if (! (sp->pp_flags & PP_CISCO) &&
 414                     sp->lcp.state != LCP_STATE_OPENED) {
 415                         spin_unlock(&sp->lock);
 416                         continue;
 417                 }
 418
 419                 if (sp->pp_alivecnt == MAXALIVECNT) {
 420                         /* No keepalive packets got.  Stop the interface. */
 421                         printk (KERN_WARNING "%s: protocol down\n", dev->name);
 422                         if_down (dev);
 423                         if (! (sp->pp_flags & PP_CISCO)) {
 424                                 /* Shut down the PPP link. */
 425                                 sp->lcp.magic = jiffies;
 426                                 sp->lcp.state = LCP_STATE_CLOSED;
 427                                 sp->ipcp.state = IPCP_STATE_CLOSED;
 428                                 sppp_clear_timeout (sp);
 429                                 /* Initiate negotiation. */
 430                                 sppp_lcp_open (sp);
 431                         }
 432                 }
 433                 if (sp->pp_alivecnt <= MAXALIVECNT)
 434                         ++sp->pp_alivecnt;
 435                 if (sp->pp_flags & PP_CISCO)
 436                         sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
 437                                 sp->pp_rseq);
 438                 else if (sp->lcp.state == LCP_STATE_OPENED) {
 439                         __be32 nmagic = htonl (sp->lcp.magic);
 440                         sp->lcp.echoid = ++sp->pp_seq;
 441                         sppp_cp_send (sp, PPP_LCP, LCP_ECHO_REQ,
 442                                 sp->lcp.echoid, 4, &nmagic);
 443                 }
 444
 445                 spin_unlock(&sp->lock);
 446         }
 447         spin_unlock_irqrestore(&spppq_lock, flags);
 448         sppp_flush_xmit();
 449         sppp_keepalive_timer.expires=jiffies+10*HZ;
 450         add_timer(&sppp_keepalive_timer);
 451 }
 452
 453 /*
 454  * Handle incoming PPP Link Control Protocol packets.
 455  */
 456
 457 static void sppp_lcp_input (struct sppp *sp, struct sk_buff *skb)
 458 {
 459         struct lcp_header *h;
 460         struct net_device *dev = sp->pp_if;
 461         int len = skb->len;
 462         u8 *p, opt[6];
 463         u32 rmagic = 0;
 464
 465         if (!pskb_may_pull(skb, sizeof(struct lcp_header))) {
 466                 if (sp->pp_flags & PP_DEBUG)
 467                         printk (KERN_WARNING "%s: invalid lcp packet length: %d bytes\n",
 468                                 dev->name, len);
 469                 return;
 470         }
 471         h = (struct lcp_header *)skb->data;
 472         skb_pull(skb,sizeof(struct lcp_header *));
 473
 474         if (sp->pp_flags & PP_DEBUG)
 475         {
 476                 char state = '?';
 477                 switch (sp->lcp.state) {
 478                 case LCP_STATE_CLOSED:   state = 'C'; break;
 479                 case LCP_STATE_ACK_RCVD: state = 'R'; break;
 480                 case LCP_STATE_ACK_SENT: state = 'S'; break;
 481                 case LCP_STATE_OPENED:   state = 'O'; break;
 482                 }
 483                 printk (KERN_WARNING "%s: lcp input(%c): %d bytes <%s id=%xh len=%xh",
 484                         dev->name, state, len,
 485                         sppp_lcp_type_name (h->type), h->ident, ntohs (h->len));
 486                 if (len > 4)
 487                         sppp_print_bytes ((u8*) (h+1), len-4);
 488                 printk (">\n");
 489         }
 490         if (len > ntohs (h->len))
 491                 len = ntohs (h->len);
 492         switch (h->type) {
 493         default:
 494                 /* Unknown packet type -- send Code-Reject packet. */
 495                 sppp_cp_send (sp, PPP_LCP, LCP_CODE_REJ, ++sp->pp_seq,
 496                         skb->len, h);
 497                 break;
 498         case LCP_CONF_REQ:
 499                 if (len < 4) {
 500                         if (sp->pp_flags & PP_DEBUG)
 501                                 printk (KERN_DEBUG"%s: invalid lcp configure request packet length: %d bytes\n",
 502                                         dev->name, len);
 503                         break;
 504                 }
 505                 if (len>4 && !sppp_lcp_conf_parse_options (sp, h, len, &rmagic))
 506                         goto badreq;
 507                 if (rmagic == sp->lcp.magic) {
 508                         /* Local and remote magics equal -- loopback? */
 509                         if (sp->pp_loopcnt >= MAXALIVECNT*5) {
 510                                 printk (KERN_WARNING "%s: loopback\n",
 511                                         dev->name);
 512                                 sp->pp_loopcnt = 0;
 513                                 if (dev->flags & IFF_UP) {
 514                                         if_down (dev);
 515                                 }
 516                         } else if (sp->pp_flags & PP_DEBUG)
 517                                 printk (KERN_DEBUG "%s: conf req: magic glitch\n",
 518                                         dev->name);
 519                         ++sp->pp_loopcnt;
 520
 521                         /* MUST send Conf-Nack packet. */
 522                         rmagic = ~sp->lcp.magic;
 523                         opt[0] = LCP_OPT_MAGIC;
 524                         opt[1] = sizeof (opt);
 525                         opt[2] = rmagic >> 24;
 526                         opt[3] = rmagic >> 16;
 527                         opt[4] = rmagic >> 8;
 528                         opt[5] = rmagic;
 529                         sppp_cp_send (sp, PPP_LCP, LCP_CONF_NAK,
 530                                 h->ident, sizeof (opt), &opt);
 531 badreq:
 532                         switch (sp->lcp.state) {
 533                         case LCP_STATE_OPENED:
 534                                 /* Initiate renegotiation. */
 535                                 sppp_lcp_open (sp);
 536                                 /* fall through... */
 537                         case LCP_STATE_ACK_SENT:
 538                                 /* Go to closed state. */
 539                                 sp->lcp.state = LCP_STATE_CLOSED;
 540                                 sp->ipcp.state = IPCP_STATE_CLOSED;
 541                         }
 542                         break;
 543                 }
 544                 /* Send Configure-Ack packet. */
 545                 sp->pp_loopcnt = 0;
 546                 if (sp->lcp.state != LCP_STATE_OPENED) {
 547                         sppp_cp_send (sp, PPP_LCP, LCP_CONF_ACK,
 548                                         h->ident, len-4, h+1);
 549                 }
 550                 /* Change the state. */
 551                 switch (sp->lcp.state) {
 552                 case LCP_STATE_CLOSED:
 553                         sp->lcp.state = LCP_STATE_ACK_SENT;
 554                         break;
 555                 case LCP_STATE_ACK_RCVD:
 556                         sp->lcp.state = LCP_STATE_OPENED;
 557                         sppp_ipcp_open (sp);
 558                         break;
 559                 case LCP_STATE_OPENED:
 560                         /* Remote magic changed -- close session. */
 561                         sp->lcp.state = LCP_STATE_CLOSED;
 562                         sp->ipcp.state = IPCP_STATE_CLOSED;
 563                         /* Initiate renegotiation. */
 564                         sppp_lcp_open (sp);
 565                         /* Send ACK after our REQ in attempt to break loop */
 566                         sppp_cp_send (sp, PPP_LCP, LCP_CONF_ACK,
 567                                         h->ident, len-4, h+1);
 568                         sp->lcp.state = LCP_STATE_ACK_SENT;
 569                         break;
 570                 }
 571                 break;
 572         case LCP_CONF_ACK:
 573                 if (h->ident != sp->lcp.confid)
 574                         break;
 575                 sppp_clear_timeout (sp);
 576                 if ((sp->pp_link_state != SPPP_LINK_UP) &&
 577                     (dev->flags & IFF_UP)) {
 578                         /* Coming out of loopback mode. */
 579                         sp->pp_link_state=SPPP_LINK_UP;
 580                         printk (KERN_INFO "%s: protocol up\n", dev->name);
 581                 }
 582                 switch (sp->lcp.state) {
 583                 case LCP_STATE_CLOSED:
 584                         sp->lcp.state = LCP_STATE_ACK_RCVD;
 585                         sppp_set_timeout (sp, 5);
 586                         break;
 587                 case LCP_STATE_ACK_SENT:
 588                         sp->lcp.state = LCP_STATE_OPENED;
 589                         sppp_ipcp_open (sp);
 590                         break;
 591                 }
 592                 break;
 593         case LCP_CONF_NAK:
 594                 if (h->ident != sp->lcp.confid)
 595                         break;
 596                 p = (u8*) (h+1);
 597                 if (len>=10 && p[0] == LCP_OPT_MAGIC && p[1] >= 4) {
 598                         rmagic = (u32)p[2] << 24 |
 599                                 (u32)p[3] << 16 | p[4] << 8 | p[5];
 600                         if (rmagic == ~sp->lcp.magic) {
 601                                 int newmagic;
 602                                 if (sp->pp_flags & PP_DEBUG)
 603                                         printk (KERN_DEBUG "%s: conf nak: magic glitch\n",
 604                                                 dev->name);
 605                                 get_random_bytes(&newmagic, sizeof(newmagic));
 606                                 sp->lcp.magic += newmagic;
 607                         } else
 608                                 sp->lcp.magic = rmagic;
 609                         }
 610                 if (sp->lcp.state != LCP_STATE_ACK_SENT) {
 611                         /* Go to closed state. */
 612                         sp->lcp.state = LCP_STATE_CLOSED;
 613                         sp->ipcp.state = IPCP_STATE_CLOSED;
 614                 }
 615                 /* The link will be renegotiated after timeout,
 616                  * to avoid endless req-nack loop. */
 617                 sppp_clear_timeout (sp);
 618                 sppp_set_timeout (sp, 2);
 619                 break;
 620         case LCP_CONF_REJ:
 621                 if (h->ident != sp->lcp.confid)
 622                         break;
 623                 sppp_clear_timeout (sp);
 624                 /* Initiate renegotiation. */
 625                 sppp_lcp_open (sp);
 626                 if (sp->lcp.state != LCP_STATE_ACK_SENT) {
 627                         /* Go to closed state. */
 628                         sp->lcp.state = LCP_STATE_CLOSED;
 629                         sp->ipcp.state = IPCP_STATE_CLOSED;
 630                 }
 631                 break;
 632         case LCP_TERM_REQ:
 633                 sppp_clear_timeout (sp);
 634                 /* Send Terminate-Ack packet. */
 635                 sppp_cp_send (sp, PPP_LCP, LCP_TERM_ACK, h->ident, 0, NULL);
 636                 /* Go to closed state. */
 637                 sp->lcp.state = LCP_STATE_CLOSED;
 638                 sp->ipcp.state = IPCP_STATE_CLOSED;
 639                 /* Initiate renegotiation. */
 640                 sppp_lcp_open (sp);
 641                 break;
 642         case LCP_TERM_ACK:
 643         case LCP_CODE_REJ:
 644         case LCP_PROTO_REJ:
 645                 /* Ignore for now. */
 646                 break;
 647         case LCP_DISC_REQ:
 648                 /* Discard the packet. */
 649                 break;
 650         case LCP_ECHO_REQ:
 651                 if (sp->lcp.state != LCP_STATE_OPENED)
 652                         break;
 653                 if (len < 8) {
 654                         if (sp->pp_flags & PP_DEBUG)
 655                                 printk (KERN_WARNING "%s: invalid lcp echo request packet length: %d bytes\n",
 656                                         dev->name, len);
 657                         break;
 658                 }
 659                 if (ntohl (*(__be32*)(h+1)) == sp->lcp.magic) {
 660                         /* Line loopback mode detected. */
 661                         printk (KERN_WARNING "%s: loopback\n", dev->name);
 662                         if_down (dev);
 663
 664                         /* Shut down the PPP link. */
 665                         sp->lcp.state = LCP_STATE_CLOSED;
 666                         sp->ipcp.state = IPCP_STATE_CLOSED;
 667                         sppp_clear_timeout (sp);
 668                         /* Initiate negotiation. */
 669                         sppp_lcp_open (sp);
 670                         break;
 671                 }
 672                 *(__be32 *)(h+1) = htonl (sp->lcp.magic);
 673                 sppp_cp_send (sp, PPP_LCP, LCP_ECHO_REPLY, h->ident, len-4, h+1);
 674                 break;
 675         case LCP_ECHO_REPLY:
 676                 if (h->ident != sp->lcp.echoid)
 677                         break;
 678                 if (len < 8) {
 679                         if (sp->pp_flags & PP_DEBUG)
 680                                 printk (KERN_WARNING "%s: invalid lcp echo reply packet length: %d bytes\n",
 681                                         dev->name, len);
 682                         break;
 683                 }
 684                 if (ntohl(*(__be32 *)(h+1)) != sp->lcp.magic)
 685                 sp->pp_alivecnt = 0;
 686                 break;
 687         }
 688 }
 689
 690 /*
 691  * Handle incoming Cisco keepalive protocol packets.
 692  */
 693
 694 static void sppp_cisco_input (struct sppp *sp, struct sk_buff *skb)
 695 {
 696         struct cisco_packet *h;
 697         struct net_device *dev = sp->pp_if;
 698
 699         if (!pskb_may_pull(skb, sizeof(struct cisco_packet))
 700             || (skb->len != CISCO_PACKET_LEN
 701                 && skb->len != CISCO_BIG_PACKET_LEN)) {
 702                 if (sp->pp_flags & PP_DEBUG)
 703                         printk (KERN_WARNING "%s: invalid cisco packet length: %d bytes\n",
 704                                 dev->name,  skb->len);
 705                 return;
 706         }
 707         h = (struct cisco_packet *)skb->data;
 708         skb_pull(skb, sizeof(struct cisco_packet*));
 709         if (sp->pp_flags & PP_DEBUG)
 710                 printk (KERN_WARNING "%s: cisco input: %d bytes <%xh %xh %xh %xh %xh-%xh>\n",
 711                         dev->name,  skb->len,
 712                         ntohl (h->type), h->par1, h->par2, h->rel,
 713                         h->time0, h->time1);
 714         switch (ntohl (h->type)) {
 715         default:
 716                 if (sp->pp_flags & PP_DEBUG)
 717                         printk (KERN_WARNING "%s: unknown cisco packet type: 0x%x\n",
 718                                 dev->name,  ntohl (h->type));
 719                 break;
 720         case CISCO_ADDR_REPLY:
 721                 /* Reply on address request, ignore */
 722                 break;
 723         case CISCO_KEEPALIVE_REQ:
 724                 sp->pp_alivecnt = 0;
 725                 sp->pp_rseq = ntohl (h->par1);
 726                 if (sp->pp_seq == sp->pp_rseq) {
 727                         /* Local and remote sequence numbers are equal.
 728                          * Probably, the line is in loopback mode. */
 729                         int newseq;
 730                         if (sp->pp_loopcnt >= MAXALIVECNT) {
 731                                 printk (KERN_WARNING "%s: loopback\n",
 732                                         dev->name);
 733                                 sp->pp_loopcnt = 0;
 734                                 if (dev->flags & IFF_UP) {
 735                                         if_down (dev);
 736                                 }
 737                         }
 738                         ++sp->pp_loopcnt;
 739
 740                         /* Generate new local sequence number */
 741                         get_random_bytes(&newseq, sizeof(newseq));
 742                         sp->pp_seq ^= newseq;
 743                         break;
 744                 }
 745                 sp->pp_loopcnt = 0;
 746                 if (sp->pp_link_state==SPPP_LINK_DOWN &&
 747                     (dev->flags & IFF_UP)) {
 748                         sp->pp_link_state=SPPP_LINK_UP;
 749                         printk (KERN_INFO "%s: protocol up\n", dev->name);
 750                 }
 751                 break;
 752         case CISCO_ADDR_REQ:
 753                 /* Stolen from net/ipv4/devinet.c -- SIOCGIFADDR ioctl */
 754                 {
 755                 __be32 addr = 0, mask = htonl(~0U); /* FIXME: is the mask correct? */
 756 #ifdef CONFIG_INET
 757                 struct in_device *in_dev;
 758                 struct in_ifaddr *ifa;
 759
 760                 rcu_read_lock();
 761                 if ((in_dev = __in_dev_get_rcu(dev)) != NULL)
 762                 {
 763                         for (ifa=in_dev->ifa_list; ifa != NULL;
 764                                 ifa=ifa->ifa_next) {
 765                                 if (strcmp(dev->name, ifa->ifa_label) == 0)
 766                                 {
 767                                         addr = ifa->ifa_local;
 768                                         mask = ifa->ifa_mask;
 769                                         break;
 770                                 }
 771                         }
 772                 }
 773                 rcu_read_unlock();
 774 #endif
 775                 sppp_cisco_send (sp, CISCO_ADDR_REPLY, ntohl(addr), ntohl(mask));
 776                 break;
 777                 }
 778         }
 779 }
 780
 781
 782 /*
 783  * Send PPP LCP packet.
 784  */
 785
 786 static void sppp_cp_send (struct sppp *sp, u16 proto, u8 type,
 787         u8 ident, u16 len, void *data)
 788 {
 789         struct ppp_header *h;
 790         struct lcp_header *lh;
 791         struct sk_buff *skb;
 792         struct net_device *dev = sp->pp_if;
 793
 794         skb=alloc_skb(dev->hard_header_len+PPP_HEADER_LEN+LCP_HEADER_LEN+len,
 795                 GFP_ATOMIC);
 796         if (skb==NULL)
 797                 return;
 798
 799         skb_reserve(skb,dev->hard_header_len);
 800
 801         h = (struct ppp_header *)skb_put(skb, sizeof(struct ppp_header));
 802         h->address = PPP_ALLSTATIONS;        /* broadcast address */
 803         h->control = PPP_UI;                 /* Unnumbered Info */
 804         h->protocol = htons (proto);         /* Link Control Protocol */
 805
 806         lh = (struct lcp_header *)skb_put(skb, sizeof(struct lcp_header));
 807         lh->type = type;
 808         lh->ident = ident;
 809         lh->len = htons (LCP_HEADER_LEN + len);
 810
 811         if (len)
 812                 memcpy(skb_put(skb,len),data, len);
 813
 814         if (sp->pp_flags & PP_DEBUG) {
 815                 printk (KERN_WARNING "%s: %s output <%s id=%xh len=%xh",
 816                         dev->name,
 817                         proto==PPP_LCP ? "lcp" : "ipcp",
 818                         proto==PPP_LCP ? sppp_lcp_type_name (lh->type) :
 819                         sppp_ipcp_type_name (lh->type), lh->ident,
 820                         ntohs (lh->len));
 821                 if (len)
 822                         sppp_print_bytes ((u8*) (lh+1), len);
 823                 printk (">\n");
 824         }
 825         /* Control is high priority so it doesn't get queued behind data */
 826         skb->priority=TC_PRIO_CONTROL;
 827         skb->dev = dev;
 828         skb_queue_tail(&tx_queue, skb);
 829 }
 830
 831 /*
 832  * Send Cisco keepalive packet.
 833  */
 834
 835 static void sppp_cisco_send (struct sppp *sp, int type, u32 par1, u32 par2)
 836 {
 837         struct ppp_header *h;
 838         struct cisco_packet *ch;
 839         struct sk_buff *skb;
 840         struct net_device *dev = sp->pp_if;
 841         u32 t = jiffies * 1000/HZ;
 842
 843         skb=alloc_skb(dev->hard_header_len+PPP_HEADER_LEN+CISCO_PACKET_LEN,
 844                 GFP_ATOMIC);
 845
 846         if(skb==NULL)
 847                 return;
 848
 849         skb_reserve(skb, dev->hard_header_len);
 850         h = (struct ppp_header *)skb_put (skb, sizeof(struct ppp_header));
 851         h->address = CISCO_MULTICAST;
 852         h->control = 0;
 853         h->protocol = htons (CISCO_KEEPALIVE);
 854
 855         ch = (struct cisco_packet*)skb_put(skb, CISCO_PACKET_LEN);
 856         ch->type = htonl (type);
 857         ch->par1 = htonl (par1);
 858         ch->par2 = htonl (par2);
 859         ch->rel = htons(0xffff);
 860         ch->time0 = htons ((u16) (t >> 16));
 861         ch->time1 = htons ((u16) t);
 862
 863         if (sp->pp_flags & PP_DEBUG)
 864                 printk (KERN_WARNING "%s: cisco output: <%xh %xh %xh %xh %xh-%xh>\n",
 865                         dev->name,  ntohl (ch->type), ch->par1,
 866                         ch->par2, ch->rel, ch->time0, ch->time1);
 867         skb->priority=TC_PRIO_CONTROL;
 868         skb->dev = dev;
 869         skb_queue_tail(&tx_queue, skb);
 870 }
 871
 872 /**
 873  *      sppp_close - close down a synchronous PPP or Cisco HDLC link
 874  *      @dev: The network device to drop the link of
 875  *
 876  *      This drops the logical interface to the channel. It is not
 877  *      done politely as we assume we will also be dropping DTR. Any
 878  *      timeouts are killed.
 879  */
 880
 881 int sppp_close (struct net_device *dev)
 882 {
 883         struct sppp *sp = (struct sppp *)sppp_of(dev);
 884         unsigned long flags;
 885
 886         spin_lock_irqsave(&sp->lock, flags);
 887         sp->pp_link_state = SPPP_LINK_DOWN;
 888         sp->lcp.state = LCP_STATE_CLOSED;
 889         sp->ipcp.state = IPCP_STATE_CLOSED;
 890         sppp_clear_timeout (sp);
 891         spin_unlock_irqrestore(&sp->lock, flags);
 892
 893         return 0;
 894 }
 895
 896 EXPORT_SYMBOL(sppp_close);
 897
 898 /**
 899  *      sppp_open - open a synchronous PPP or Cisco HDLC link
 900  *      @dev:   Network device to activate
 901  *
 902  *      Close down any existing synchronous session and commence
 903  *      from scratch. In the PPP case this means negotiating LCP/IPCP
 904  *      and friends, while for Cisco HDLC we simply need to start sending
 905  *      keepalives
 906  */
 907
 908 int sppp_open (struct net_device *dev)
 909 {
 910         struct sppp *sp = (struct sppp *)sppp_of(dev);
 911         unsigned long flags;
 912
 913         sppp_close(dev);
 914
 915         spin_lock_irqsave(&sp->lock, flags);
 916         if (!(sp->pp_flags & PP_CISCO)) {
 917                 sppp_lcp_open (sp);
 918         }
 919         sp->pp_link_state = SPPP_LINK_DOWN;
 920         spin_unlock_irqrestore(&sp->lock, flags);
 921         sppp_flush_xmit();
 922
 923         return 0;
 924 }
 925
 926 EXPORT_SYMBOL(sppp_open);
 927
 928 /**
 929  *      sppp_reopen - notify of physical link loss
 930  *      @dev: Device that lost the link
 931  *
 932  *      This function informs the synchronous protocol code that
 933  *      the underlying link died (for example a carrier drop on X.21)
 934  *
 935  *      We increment the magic numbers to ensure that if the other end
 936  *      failed to notice we will correctly start a new session. It happens
 937  *      do to the nature of telco circuits is that you can lose carrier on
 938  *      one endonly.
 939  *
 940  *      Having done this we go back to negotiating. This function may
 941  *      be called from an interrupt context.
 942  */
 943
 944 int sppp_reopen (struct net_device *dev)
 945 {
 946         struct sppp *sp = (struct sppp *)sppp_of(dev);
 947         unsigned long flags;
 948
 949         sppp_close(dev);
 950
 951         spin_lock_irqsave(&sp->lock, flags);
 952         if (!(sp->pp_flags & PP_CISCO))
 953         {
 954                 sp->lcp.magic = jiffies;
 955                 ++sp->pp_seq;
 956                 sp->lcp.state = LCP_STATE_CLOSED;
 957                 sp->ipcp.state = IPCP_STATE_CLOSED;
 958                 /* Give it a moment for the line to settle then go */
 959                 sppp_set_timeout (sp, 1);
 960         }
 961         sp->pp_link_state=SPPP_LINK_DOWN;
 962         spin_unlock_irqrestore(&sp->lock, flags);
 963
 964         return 0;
 965 }
 966
 967 EXPORT_SYMBOL(sppp_reopen);
 968
 969 /**
 970  *      sppp_change_mtu - Change the link MTU
 971  *      @dev:   Device to change MTU on
 972  *      @new_mtu: New MTU
 973  *
 974  *      Change the MTU on the link. This can only be called with
 975  *      the link down. It returns an error if the link is up or
 976  *      the mtu is out of range.
 977  */
 978
 979 static int sppp_change_mtu(struct net_device *dev, int new_mtu)
 980 {
 981         if(new_mtu<128||new_mtu>PPP_MTU||(dev->flags&IFF_UP))
 982                 return -EINVAL;
 983         dev->mtu=new_mtu;
 984         return 0;
 985 }
 986
 987 /**
 988  *      sppp_do_ioctl - Ioctl handler for ppp/hdlc
 989  *      @dev: Device subject to ioctl
 990  *      @ifr: Interface request block from the user
 991  *      @cmd: Command that is being issued
 992  *
 993  *      This function handles the ioctls that may be issued by the user
 994  *      to control the settings of a PPP/HDLC link. It does both busy
 995  *      and security checks. This function is intended to be wrapped by
 996  *      callers who wish to add additional ioctl calls of their own.
 997  */
 998
 999 int sppp_do_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1000 {
1001         struct sppp *sp = (struct sppp *)sppp_of(dev);
1002
1003         if(dev->flags&IFF_UP)
1004                 return -EBUSY;
1005
1006         if(!capable(CAP_NET_ADMIN))
1007                 return -EPERM;
1008
1009         switch(cmd)
1010         {
1011                 case SPPPIOCCISCO:
1012                         sp->pp_flags|=PP_CISCO;
1013                         dev->type = ARPHRD_HDLC;
1014                         break;
1015                 case SPPPIOCPPP:
1016                         sp->pp_flags&=~PP_CISCO;
1017                         dev->type = ARPHRD_PPP;
1018                         break;
1019                 case SPPPIOCDEBUG:
1020                         sp->pp_flags&=~PP_DEBUG;
1021                         if(ifr->ifr_flags)
1022                                 sp->pp_flags|=PP_DEBUG;
1023                         break;
1024                 case SPPPIOCGFLAGS:
1025                         if(copy_to_user(ifr->ifr_data, &sp->pp_flags, sizeof(sp->pp_flags)))
1026                                 return -EFAULT;
1027                         break;
1028                 case SPPPIOCSFLAGS:
1029                         if(copy_from_user(&sp->pp_flags, ifr->ifr_data, sizeof(sp->pp_flags)))
1030                                 return -EFAULT;
1031                         break;
1032                 default:
1033                         return -EINVAL;
1034         }
1035         return 0;
1036 }
1037
1038 EXPORT_SYMBOL(sppp_do_ioctl);
1039
1040 /**
1041  *      sppp_attach - attach synchronous PPP/HDLC to a device
1042  *      @pd:    PPP device to initialise
1043  *
1044  *      This initialises the PPP/HDLC support on an interface. At the
1045  *      time of calling the dev element must point to the network device
1046  *      that this interface is attached to. The interface should not yet
1047  *      be registered.
1048  */
1049
1050 void sppp_attach(struct ppp_device *pd)
1051 {
1052         struct net_device *dev = pd->dev;
1053         struct sppp *sp = &pd->sppp;
1054         unsigned long flags;
1055
1056         /* Make sure embedding is safe for sppp_of */
1057         BUG_ON(sppp_of(dev) != sp);
1058
1059         spin_lock_irqsave(&spppq_lock, flags);
1060         /* Initialize keepalive handler. */
1061         if (! spppq)
1062         {
1063                 init_timer(&sppp_keepalive_timer);
1064                 sppp_keepalive_timer.expires=jiffies+10*HZ;
1065                 sppp_keepalive_timer.function=sppp_keepalive;
1066                 add_timer(&sppp_keepalive_timer);
1067         }
1068         /* Insert new entry into the keepalive list. */
1069         sp->pp_next = spppq;
1070         spppq = sp;
1071         spin_unlock_irqrestore(&spppq_lock, flags);
1072
1073         sp->pp_loopcnt = 0;
1074         sp->pp_alivecnt = 0;
1075         sp->pp_seq = 0;
1076         sp->pp_rseq = 0;
1077         sp->pp_flags = PP_KEEPALIVE|PP_CISCO|debug;/*PP_DEBUG;*/
1078         sp->lcp.magic = 0;
1079         sp->lcp.state = LCP_STATE_CLOSED;
1080         sp->ipcp.state = IPCP_STATE_CLOSED;
1081         sp->pp_if = dev;
1082         spin_lock_init(&sp->lock);
1083
1084         /*
1085          *      Device specific setup. All but interrupt handler and
1086          *      hard_start_xmit.
1087          */
1088
1089         dev->header_ops = &sppp_header_ops;
1090
1091         dev->tx_queue_len = 10;
1092         dev->type = ARPHRD_HDLC;
1093         dev->addr_len = 0;
1094         dev->hard_header_len = sizeof(struct ppp_header);
1095         dev->mtu = PPP_MTU;
1096         /*
1097          *      These 4 are callers but MUST also call sppp_ functions
1098          */
1099         dev->do_ioctl = sppp_do_ioctl;
1100 #if 0
1101         dev->get_stats = NULL;          /* Let the driver override these */
1102         dev->open = sppp_open;
1103         dev->stop = sppp_close;
1104 #endif
1105         dev->change_mtu = sppp_change_mtu;
1106         dev->flags = IFF_MULTICAST|IFF_POINTOPOINT|IFF_NOARP;
1107 }
1108
1109 EXPORT_SYMBOL(sppp_attach);
1110
1111 /**
1112  *      sppp_detach - release PPP resources from a device
1113  *      @dev:   Network device to release
1114  *
1115  *      Stop and free up any PPP/HDLC resources used by this
1116  *      interface. This must be called before the device is
1117  *      freed.
1118  */
1119
1120 void sppp_detach (struct net_device *dev)
1121 {
1122         struct sppp **q, *p, *sp = (struct sppp *)sppp_of(dev);
1123         unsigned long flags;
1124
1125         spin_lock_irqsave(&spppq_lock, flags);
1126         /* Remove the entry from the keepalive list. */
1127         for (q = &spppq; (p = *q); q = &p->pp_next)
1128                 if (p == sp) {
1129                         *q = p->pp_next;
1130                         break;
1131                 }
1132
1133         /* Stop keepalive handler. */
1134         if (! spppq)
1135                 del_timer(&sppp_keepalive_timer);
1136         sppp_clear_timeout (sp);
1137         spin_unlock_irqrestore(&spppq_lock, flags);
1138 }
1139
1140 EXPORT_SYMBOL(sppp_detach);
1141
1142 /*
1143  * Analyze the LCP Configure-Request options list
1144  * for the presence of unknown options.
1145  * If the request contains unknown options, build and
1146  * send Configure-reject packet, containing only unknown options.
1147  */
1148 static int
1149 sppp_lcp_conf_parse_options (struct sppp *sp, struct lcp_header *h,
1150         int len, u32 *magic)
1151 {
1152         u8 *buf, *r, *p;
1153         int rlen;
1154
1155         len -= 4;
1156         buf = r = kmalloc (len, GFP_ATOMIC);
1157         if (! buf)
1158                 return (0);
1159
1160         p = (void*) (h+1);
1161         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1162                 switch (*p) {
1163                 case LCP_OPT_MAGIC:
1164                         /* Magic number -- extract. */
1165                         if (len >= 6 && p[1] == 6) {
1166                                 *magic = (u32)p[2] << 24 |
1167                                         (u32)p[3] << 16 | p[4] << 8 | p[5];
1168                                 continue;
1169                         }
1170                         break;
1171                 case LCP_OPT_ASYNC_MAP:
1172                         /* Async control character map -- check to be zero. */
1173                         if (len >= 6 && p[1] == 6 && ! p[2] && ! p[3] &&
1174                             ! p[4] && ! p[5])
1175                                 continue;
1176                         break;
1177                 case LCP_OPT_MRU:
1178                         /* Maximum receive unit -- always OK. */
1179                         continue;
1180                 default:
1181                         /* Others not supported. */
1182                         break;
1183                 }
1184                 /* Add the option to rejected list. */
1185                 memcpy(r, p, p[1]);
1186                 r += p[1];
1187                 rlen += p[1];
1188         }
1189         if (rlen)
1190                 sppp_cp_send (sp, PPP_LCP, LCP_CONF_REJ, h->ident, rlen, buf);
1191         kfree(buf);
1192         return (rlen == 0);
1193 }
1194
1195 static void sppp_ipcp_input (struct sppp *sp, struct sk_buff *skb)
1196 {
1197         struct lcp_header *h;
1198         struct net_device *dev = sp->pp_if;
1199         int len = skb->len;
1200
1201         if (!pskb_may_pull(skb, sizeof(struct lcp_header))) {
1202                 if (sp->pp_flags & PP_DEBUG)
1203                         printk (KERN_WARNING "%s: invalid ipcp packet length: %d bytes\n",
1204                                 dev->name,  len);
1205                 return;
1206         }
1207         h = (struct lcp_header *)skb->data;
1208         skb_pull(skb,sizeof(struct lcp_header));
1209         if (sp->pp_flags & PP_DEBUG) {
1210                 printk (KERN_WARNING "%s: ipcp input: %d bytes <%s id=%xh len=%xh",
1211                         dev->name,  len,
1212                         sppp_ipcp_type_name (h->type), h->ident, ntohs (h->len));
1213                 if (len > 4)
1214                         sppp_print_bytes ((u8*) (h+1), len-4);
1215                 printk (">\n");
1216         }
1217         if (len > ntohs (h->len))
1218                 len = ntohs (h->len);
1219         switch (h->type) {
1220         default:
1221                 /* Unknown packet type -- send Code-Reject packet. */
1222                 sppp_cp_send (sp, PPP_IPCP, IPCP_CODE_REJ, ++sp->pp_seq, len, h);
1223                 break;
1224         case IPCP_CONF_REQ:
1225                 if (len < 4) {
1226                         if (sp->pp_flags & PP_DEBUG)
1227                                 printk (KERN_WARNING "%s: invalid ipcp configure request packet length: %d bytes\n",
1228                                         dev->name, len);
1229                         return;
1230                 }
1231                 if (len > 4) {
1232                         sppp_cp_send (sp, PPP_IPCP, LCP_CONF_REJ, h->ident,
1233                                 len-4, h+1);
1234
1235                         switch (sp->ipcp.state) {
1236                         case IPCP_STATE_OPENED:
1237                                 /* Initiate renegotiation. */
1238                                 sppp_ipcp_open (sp);
1239                                 /* fall through... */
1240                         case IPCP_STATE_ACK_SENT:
1241                                 /* Go to closed state. */
1242                                 sp->ipcp.state = IPCP_STATE_CLOSED;
1243                         }
1244                 } else {
1245                         /* Send Configure-Ack packet. */
1246                         sppp_cp_send (sp, PPP_IPCP, IPCP_CONF_ACK, h->ident,
1247                                 0, NULL);
1248                         /* Change the state. */
1249                         if (sp->ipcp.state == IPCP_STATE_ACK_RCVD)
1250                                 sp->ipcp.state = IPCP_STATE_OPENED;
1251                         else
1252                                 sp->ipcp.state = IPCP_STATE_ACK_SENT;
1253                 }
1254                 break;
1255         case IPCP_CONF_ACK:
1256                 if (h->ident != sp->ipcp.confid)
1257                         break;
1258                 sppp_clear_timeout (sp);
1259                 switch (sp->ipcp.state) {
1260                 case IPCP_STATE_CLOSED:
1261                         sp->ipcp.state = IPCP_STATE_ACK_RCVD;
1262                         sppp_set_timeout (sp, 5);
1263                         break;
1264                 case IPCP_STATE_ACK_SENT:
1265                         sp->ipcp.state = IPCP_STATE_OPENED;
1266                         break;
1267                 }
1268                 break;
1269         case IPCP_CONF_NAK:
1270         case IPCP_CONF_REJ:
1271                 if (h->ident != sp->ipcp.confid)
1272                         break;
1273                 sppp_clear_timeout (sp);
1274                         /* Initiate renegotiation. */
1275                 sppp_ipcp_open (sp);
1276                 if (sp->ipcp.state != IPCP_STATE_ACK_SENT)
1277                         /* Go to closed state. */
1278                         sp->ipcp.state = IPCP_STATE_CLOSED;
1279                 break;
1280         case IPCP_TERM_REQ:
1281                 /* Send Terminate-Ack packet. */
1282                 sppp_cp_send (sp, PPP_IPCP, IPCP_TERM_ACK, h->ident, 0, NULL);
1283                 /* Go to closed state. */
1284                 sp->ipcp.state = IPCP_STATE_CLOSED;
1285                 /* Initiate renegotiation. */
1286                 sppp_ipcp_open (sp);
1287                 break;
1288         case IPCP_TERM_ACK:
1289                 /* Ignore for now. */
1290         case IPCP_CODE_REJ:
1291                 /* Ignore for now. */
1292                 break;
1293         }
1294 }
1295
1296 static void sppp_lcp_open (struct sppp *sp)
1297 {
1298         char opt[6];
1299
1300         if (! sp->lcp.magic)
1301                 sp->lcp.magic = jiffies;
1302         opt[0] = LCP_OPT_MAGIC;
1303         opt[1] = sizeof (opt);
1304         opt[2] = sp->lcp.magic >> 24;
1305         opt[3] = sp->lcp.magic >> 16;
1306         opt[4] = sp->lcp.magic >> 8;
1307         opt[5] = sp->lcp.magic;
1308         sp->lcp.confid = ++sp->pp_seq;
1309         sppp_cp_send (sp, PPP_LCP, LCP_CONF_REQ, sp->lcp.confid,
1310                 sizeof (opt), &opt);
1311         sppp_set_timeout (sp, 2);
1312 }
1313
1314 static void sppp_ipcp_open (struct sppp *sp)
1315 {
1316         sp->ipcp.confid = ++sp->pp_seq;
1317         sppp_cp_send (sp, PPP_IPCP, IPCP_CONF_REQ, sp->ipcp.confid, 0, NULL);
1318         sppp_set_timeout (sp, 2);
1319 }
1320
1321 /*
1322  * Process PPP control protocol timeouts.
1323  */
1324
1325 static void sppp_cp_timeout (unsigned long arg)
1326 {
1327         struct sppp *sp = (struct sppp*) arg;
1328         unsigned long flags;
1329
1330         spin_lock_irqsave(&sp->lock, flags);
1331
1332         sp->pp_flags &= ~PP_TIMO;
1333         if (! (sp->pp_if->flags & IFF_UP) || (sp->pp_flags & PP_CISCO)) {
1334                 spin_unlock_irqrestore(&sp->lock, flags);
1335                 return;
1336         }
1337         switch (sp->lcp.state) {
1338         case LCP_STATE_CLOSED:
1339                 /* No ACK for Configure-Request, retry. */
1340                 sppp_lcp_open (sp);
1341                 break;
1342         case LCP_STATE_ACK_RCVD:
1343                 /* ACK got, but no Configure-Request for peer, retry. */
1344                 sppp_lcp_open (sp);
1345                 sp->lcp.state = LCP_STATE_CLOSED;
1346                 break;
1347         case LCP_STATE_ACK_SENT:
1348                 /* ACK sent but no ACK for Configure-Request, retry. */
1349                 sppp_lcp_open (sp);
1350                 break;
1351         case LCP_STATE_OPENED:
1352                 /* LCP is already OK, try IPCP. */
1353                 switch (sp->ipcp.state) {
1354                 case IPCP_STATE_CLOSED:
1355                         /* No ACK for Configure-Request, retry. */
1356                         sppp_ipcp_open (sp);
1357                         break;
1358                 case IPCP_STATE_ACK_RCVD:
1359                         /* ACK got, but no Configure-Request for peer, retry. */
1360                         sppp_ipcp_open (sp);
1361                         sp->ipcp.state = IPCP_STATE_CLOSED;
1362                         break;
1363                 case IPCP_STATE_ACK_SENT:
1364                         /* ACK sent but no ACK for Configure-Request, retry. */
1365                         sppp_ipcp_open (sp);
1366                         break;
1367                 case IPCP_STATE_OPENED:
1368                         /* IPCP is OK. */
1369                         break;
1370                 }
1371                 break;
1372         }
1373         spin_unlock_irqrestore(&sp->lock, flags);
1374         sppp_flush_xmit();
1375 }
1376
1377 static char *sppp_lcp_type_name (u8 type)
1378 {
1379         static char buf [8];
1380         switch (type) {
1381         case LCP_CONF_REQ:   return ("conf-req");
1382         case LCP_CONF_ACK:   return ("conf-ack");
1383         case LCP_CONF_NAK:   return ("conf-nack");
1384         case LCP_CONF_REJ:   return ("conf-rej");
1385         case LCP_TERM_REQ:   return ("term-req");
1386         case LCP_TERM_ACK:   return ("term-ack");
1387         case LCP_CODE_REJ:   return ("code-rej");
1388         case LCP_PROTO_REJ:  return ("proto-rej");
1389         case LCP_ECHO_REQ:   return ("echo-req");
1390         case LCP_ECHO_REPLY: return ("echo-reply");
1391         case LCP_DISC_REQ:   return ("discard-req");
1392         }
1393         sprintf (buf, "%xh", type);
1394         return (buf);
1395 }
1396
1397 static char *sppp_ipcp_type_name (u8 type)
1398 {
1399         static char buf [8];
1400         switch (type) {
1401         case IPCP_CONF_REQ:   return ("conf-req");
1402         case IPCP_CONF_ACK:   return ("conf-ack");
1403         case IPCP_CONF_NAK:   return ("conf-nack");
1404         case IPCP_CONF_REJ:   return ("conf-rej");
1405         case IPCP_TERM_REQ:   return ("term-req");
1406         case IPCP_TERM_ACK:   return ("term-ack");
1407         case IPCP_CODE_REJ:   return ("code-rej");
1408         }
1409         sprintf (buf, "%xh", type);
1410         return (buf);
1411 }
1412
1413 static void sppp_print_bytes (u_char *p, u16 len)
1414 {
1415         printk (" %x", *p++);
1416         while (--len > 0)
1417                 printk ("-%x", *p++);
1418 }
1419
1420 /**
1421  *      sppp_rcv -      receive and process a WAN PPP frame
1422  *      @skb:   The buffer to process
1423  *      @dev:   The device it arrived on
1424  *      @p: Unused
1425  *      @orig_dev: Unused
1426  *
1427  *      Protocol glue. This drives the deferred processing mode the poorer
1428  *      cards use. This can be called directly by cards that do not have
1429  *      timing constraints but is normally called from the network layer
1430  *      after interrupt servicing to process frames queued via netif_rx.
1431  */
1432
1433 static int sppp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *p, struct net_device *orig_dev)
1434 {
1435         if (dev_net(dev) != &init_net) {
1436                 kfree_skb(skb);
1437                 return 0;
1438         }
1439
1440         if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
1441                 return NET_RX_DROP;
1442         sppp_input(dev,skb);
1443         return 0;
1444 }
1445
1446 static struct packet_type sppp_packet_type = {
1447         .type   = __constant_htons(ETH_P_WAN_PPP),
1448         .func   = sppp_rcv,
1449 };
1450
1451 static char banner[] __initdata =
1452         KERN_INFO "Cronyx Ltd, Synchronous PPP and CISCO HDLC (c) 1994\n"
1453         KERN_INFO "Linux port (c) 1998 Building Number Three Ltd & "
1454                   "Jan \"Yenya\" Kasprzak.\n";
1455
1456 static int __init sync_ppp_init(void)
1457 {
1458         if(debug)
1459                 debug=PP_DEBUG;
1460         printk(banner);
1461         skb_queue_head_init(&tx_queue);
1462         dev_add_pack(&sppp_packet_type);
1463         return 0;
1464 }
1465
1466
1467 static void __exit sync_ppp_cleanup(void)
1468 {
1469         dev_remove_pack(&sppp_packet_type);
1470 }
1471
1472 module_init(sync_ppp_init);
1473 module_exit(sync_ppp_cleanup);
1474 module_param(debug, int, 0);
1475 MODULE_LICENSE("GPL");
1476